Heinous merge from HEAD. Seems to basically work. Be on guard however.

git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/BRANCHES/WCM-DEV2/root@4137 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
Britt Park
2006-10-18 02:24:36 +00:00
parent 6441f470f5
commit 111296d4dc
156 changed files with 18940 additions and 14167 deletions


@@ -25,219 +25,359 @@ import org.alfresco.error.AlfrescoRuntimeException;
import org.springframework.dao.DataAccessException;
/**
* An authority DAO that has no implementation and should not be called.
* An authority DAO that has no implementation.
*
* By default it will throw an exception if any method is called.
*
* Any of the getter/setter methods can be enabled with a no action implementation.
*
* This can support deleting users via the UI for LDAP and NTLM. The Alfresco person object is deleted from the UI.
* The call to delete the user will return with no action.
*
* The following methods will always fail.
*
* getMD4HashedPassword(String userName)
* loadUserByUsername(String arg0)
* getSalt(UserDetails user)
*
* @author Andy Hind
*/
public class DefaultMutableAuthenticationDao implements MutableAuthenticationDao
{
private boolean allowCreateUser = false;
private boolean allowUpdateUser = false;
private boolean allowDeleteUser = false;
private boolean allowSetEnabled = false;
private boolean allowGetEnabled = false;
private boolean allowSetAccountExpires = false;
private boolean allowGetAccountHasExpired = false;
private boolean allowSetCredentialsExpire = false;
private boolean allowGetCredentialsExpire = false;
private boolean allowGetCredentialsHaveExpired = false;
private boolean allowSetAccountLocked = false;
private boolean allowGetAccountLocked = false;
private boolean allowSetAccountExpiryDate = false;
private boolean allowGetAccountExpiryDate = false;
private boolean allowSetCredentialsExpiryDate = false;
private boolean allowGetCredentialsExpiryDate = false;
/**
* Create a user with the given userName and password
*
* If enabled does nothing.
*
* @param userName
* @param rawPassword
* @throws AuthenticationException
*/
public void createUser(String userName, char[] rawPassword) throws AuthenticationException
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowCreateUser)
{
throw new AlfrescoRuntimeException("Create User is not supported");
}
}
/**
* Update a user's password.
*
* If enabled does nothing.
*
* @param userName
* @param rawPassword
* @throws AuthenticationException
*/
public void updateUser(String userName, char[] rawPassword) throws AuthenticationException
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowUpdateUser)
{
throw new AlfrescoRuntimeException("Update user is not supported");
}
}
/**
* Delete a user.
*
* If enabled does nothing.
*
* @param userName
* @throws AuthenticationException
*/
public void deleteUser(String userName) throws AuthenticationException
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowDeleteUser)
{
throw new AlfrescoRuntimeException("Delete user is not supported");
}
}
/**
* Check is a user exists.
*
* If enabled returns true.
*
* @param userName
* @return
*/
public boolean userExists(String userName)
{
// All users may exist
return true;
}
/**
* Enable/disable a user.
*
* If enabled does nothing.
*
* @param userName
* @param enabled
*/
public void setEnabled(String userName, boolean enabled)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowSetEnabled)
{
throw new AlfrescoRuntimeException("Set enabled is not supported");
}
}
/**
* Getter for user enabled
*
* If enabled returns true.
*
* @param userName
* @return
*/
public boolean getEnabled(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowGetEnabled)
{
throw new AlfrescoRuntimeException("Get enabled is not supported");
}
return true;
}
/**
* Set if the account should expire
*
* If enabled does nothing.
*
* @param userName
* @param expires
*/
public void setAccountExpires(String userName, boolean expires)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowSetAccountExpires)
{
throw new AlfrescoRuntimeException("Set account expires is not supported");
}
}
/**
* Does the account expire?
*
* If enabled returns false.
*
* @param userName
* @return
*/
public boolean getAccountExpires(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowSetAccountExpires)
{
throw new AlfrescoRuntimeException("Get account expires is not supported");
}
return false;
}
/**
* Has the account expired?
*
* If enabled returns false.
*
* @param userName
* @return
*/
public boolean getAccountHasExpired(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowGetAccountHasExpired)
{
throw new AlfrescoRuntimeException("Get account has expired is not supported");
}
return false;
}
/**
* Set if the password expires.
*
* If enabled does nothing.
*
* @param userName
* @param expires
*/
public void setCredentialsExpire(String userName, boolean expires)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowSetCredentialsExpire)
{
throw new AlfrescoRuntimeException("Set credentials expire is not supported");
}
}
/**
* Do the credentials for the user expire?
*
* If enabled returns false.
*
* @param userName
* @return
*/
public boolean getCredentialsExpire(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowGetCredentialsExpire)
{
throw new AlfrescoRuntimeException("Get credentials expire is not supported");
}
return false;
}
/**
* Have the credentials for the user expired?
*
* If enabled returns false.
*
* @param userName
* @return
*/
public boolean getCredentialsHaveExpired(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowGetCredentialsHaveExpired)
{
throw new AlfrescoRuntimeException("Get credentials have expired is not supported");
}
return false;
}
/**
* Set if the account is locked.
*
* If enabled does nothing.
*
* @param userName
* @param locked
*/
public void setLocked(String userName, boolean locked)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowSetAccountLocked)
{
throw new AlfrescoRuntimeException("Set account locked is not supported");
}
}
/**
* Is the account locked?
*
* If enabled returns false.
*
* @param userName
* @return
*/
public boolean getAccountlocked(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowGetAccountLocked)
{
throw new AlfrescoRuntimeException("Get account locked is not supported");
}
return false;
}
/**
* Set the date on which the account expires
*
* If enabled does nothing.
*
* @param userName
* @param exipryDate
*/
public void setAccountExpiryDate(String userName, Date exipryDate)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowSetAccountExpiryDate)
{
throw new AlfrescoRuntimeException("Set account expiry date is not supported");
}
}
/**
/**
* Get the date when this account expires.
*
* If enabled returns null.
*
* @param userName
* @return
*/
public Date getAccountExpiryDate(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowGetAccountExpiryDate)
{
throw new AlfrescoRuntimeException("Get account expiry date is not supported");
}
return null;
}
/**
* Set the date when credentials expire.
*
* If enabled does nothing.
*
* @param userName
* @param exipryDate
*/
public void setCredentialsExpiryDate(String userName, Date exipryDate)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowSetCredentialsExpiryDate)
{
throw new AlfrescoRuntimeException("Set credentials expiry date is not supported");
}
}
/**
* Get the date when the credentials/password expire.
*
* If enabled returns null.
*
* @param userName
* @return
*/
public Date getCredentialsExpiryDate(String userName)
{
throw new AlfrescoRuntimeException("Not implemented");
if (!allowGetCredentialsExpiryDate)
{
throw new AlfrescoRuntimeException("Get credentials expiry date is not supported");
}
return null;
}
/**
* Get the MD4 password hash
*
* Always throws an exception.
*
* @param userName
* @return
*/
@@ -249,7 +389,10 @@ public class DefaultMutableAuthenticationDao implements MutableAuthenticationDao
/**
* Return the user details for the specified user
*
* @param user String
* Always throws an exception.
*
* @param user
* String
* @return UserDetails
* @exception UsernameNotFoundException
* @exception DataAccessException
@@ -262,11 +405,99 @@ public class DefaultMutableAuthenticationDao implements MutableAuthenticationDao
/**
* Return salt for user
*
* @param user UserDetails
* Always throws an exception.
*
* @param user
* UserDetails
* @return Object
*/
public Object getSalt(UserDetails user)
{
throw new AlfrescoRuntimeException("Not implemented");
}
// -------- //
// Bean IOC //
// -------- //
public void setAllowCreateUser(boolean allowCreateUser)
{
this.allowCreateUser = allowCreateUser;
}
public void setAllowDeleteUser(boolean allowDeleteUser)
{
this.allowDeleteUser = allowDeleteUser;
}
public void setAllowGetAccountExpiryDate(boolean allowGetAccountExpiryDate)
{
this.allowGetAccountExpiryDate = allowGetAccountExpiryDate;
}
public void setAllowGetAccountHasExpired(boolean allowGetAccountHasExpired)
{
this.allowGetAccountHasExpired = allowGetAccountHasExpired;
}
public void setAllowGetAccountLocked(boolean allowGetAccountLocked)
{
this.allowGetAccountLocked = allowGetAccountLocked;
}
public void setAllowGetCredentialsExpire(boolean allowGetCredentialsExpire)
{
this.allowGetCredentialsExpire = allowGetCredentialsExpire;
}
public void setAllowGetCredentialsExpiryDate(boolean allowGetCredentialsExpiryDate)
{
this.allowGetCredentialsExpiryDate = allowGetCredentialsExpiryDate;
}
public void setAllowGetCredentialsHaveExpired(boolean allowGetCredentialsHaveExpired)
{
this.allowGetCredentialsHaveExpired = allowGetCredentialsHaveExpired;
}
public void setAllowGetEnabled(boolean allowGetEnabled)
{
this.allowGetEnabled = allowGetEnabled;
}
public void setAllowSetAccountExpires(boolean allowSetAccountExpires)
{
this.allowSetAccountExpires = allowSetAccountExpires;
}
public void setAllowSetAccountExpiryDate(boolean allowSetAccountExpiryDate)
{
this.allowSetAccountExpiryDate = allowSetAccountExpiryDate;
}
public void setAllowSetAccountLocked(boolean allowSetAccountLocked)
{
this.allowSetAccountLocked = allowSetAccountLocked;
}
public void setAllowSetCredentialsExpire(boolean allowSetCredentialsExpire)
{
this.allowSetCredentialsExpire = allowSetCredentialsExpire;
}
public void setAllowSetCredentialsExpiryDate(boolean allowSetCredentialsExpiryDate)
{
this.allowSetCredentialsExpiryDate = allowSetCredentialsExpiryDate;
}
public void setAllowSetEnabled(boolean allowSetEnabled)
{
this.allowSetEnabled = allowSetEnabled;
}
public void setAllowUpdateUser(boolean allowUpdateUser)
{
this.allowUpdateUser = allowUpdateUser;
}
}
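Review bot: `getAccountExpires` appears to be gated on the wrong flag: its new guard reads `if (!allowSetAccountExpires)`, and the class declares no `allowGetAccountExpires` field or setter, so enabling the setter also enables this getter and the getter cannot be switched on by itself. Add `private boolean allowGetAccountExpires = false;` with a matching `setAllowGetAccountExpires(boolean)` and test that flag instead. Separately, the enabled getters answer with fixed values (`getEnabled` returns true, `getAccountlocked` and the expiry checks return false) and `userExists` returns true unconditionally, so any caller that relies on this DAO for account state will treat every account as valid; a sentence in the class Javadoc saying that lock and expiry enforcement must come from the external LDAP/NTLM authenticator would make that explicit. The old and new sides are inferred here, because the page has lost its `+`/`-` markers.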


@@ -30,17 +30,22 @@ import javax.naming.directory.InitialDirContext;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.util.ApplicationContextHelper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.ApplicationContext;
public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFactory
public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFactory, InitializingBean
{
private static final Log logger = LogFactory.getLog(LDAPInitialDirContextFactoryImpl.class);
private Map<String, String> initialDirContextEnvironment = Collections.<String, String> emptyMap();
static
{
System.setProperty("javax.security.auth.useSubjectCredentialsOnly", "false");
}
public LDAPInitialDirContextFactoryImpl()
{
super();
@@ -87,11 +92,22 @@ public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFa
{
throw new AuthenticationException("Null user name provided.");
}
if (principal.length() == 0)
{
throw new AuthenticationException("Empty user name provided.");
}
if (credentials == null)
{
throw new AuthenticationException("No credentials provided.");
}
if (credentials.length() == 0)
{
throw new AuthenticationException("Empty credentials provided.");
}
Hashtable<String, String> env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
env.put(Context.SECURITY_PRINCIPAL, principal);
@@ -187,4 +203,108 @@ public class LDAPInitialDirContextFactoryImpl implements LDAPInitialDirContextFa
}
public void afterPropertiesSet() throws Exception
{
// Check Anonymous bind
Hashtable<String, String> env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
env.remove(Context.SECURITY_PRINCIPAL);
env.remove(Context.SECURITY_CREDENTIALS);
try
{
new InitialDirContext(env);
logger.warn("LDAP server supports anonymous bind " + env.get(Context.PROVIDER_URL));
}
catch (javax.naming.AuthenticationException ax)
{
}
catch (NamingException nx)
{
throw new AuthenticationException("Unable to connect to LDAP Server; check LDAP configuration", nx);
}
// Simple DN and password
env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
env.put(Context.SECURITY_PRINCIPAL, "daftAsABrush");
env.put(Context.SECURITY_CREDENTIALS, "daftAsABrush");
try
{
new InitialDirContext(env);
throw new AuthenticationException(
"The ldap server at "
+ env.get(Context.PROVIDER_URL)
+ " falls back to use anonymous bind if invalid security credentials are presented. This is not supported.");
}
catch (javax.naming.AuthenticationException ax)
{
logger.info("LDAP server does not fall back to anonymous bind for a string uid and password at " + env.get(Context.PROVIDER_URL));
}
catch (NamingException nx)
{
logger.info("LDAP server does not support simple string user ids and invalid credentials at "+ env.get(Context.PROVIDER_URL));
}
// DN and password
env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
env.put(Context.SECURITY_PRINCIPAL, "cn=daftAsABrush,dc=woof");
env.put(Context.SECURITY_CREDENTIALS, "daftAsABrush");
try
{
new InitialDirContext(env);
throw new AuthenticationException(
"The ldap server at "
+ env.get(Context.PROVIDER_URL)
+ " falls back to use anonymous bind if invalid security credentials are presented. This is not supported.");
}
catch (javax.naming.AuthenticationException ax)
{
logger.info("LDAP server does not fall back to anonymous bind for a simple dn and password at " + env.get(Context.PROVIDER_URL));
}
catch (NamingException nx)
{
logger.info("LDAP server does not support simple DN and invalid password at "+ env.get(Context.PROVIDER_URL));
}
// Check more if we have a real principal we expect to work
env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
if(env.get(Context.SECURITY_PRINCIPAL) != null)
{
// Correct principal invalid password
env = new Hashtable<String, String>(initialDirContextEnvironment.size());
env.putAll(initialDirContextEnvironment);
env.put(Context.SECURITY_CREDENTIALS, "sdasdasdasdasd123123123");
try
{
new InitialDirContext(env);
throw new AuthenticationException(
"The ldap server at "
+ env.get(Context.PROVIDER_URL)
+ " falls back to use anonymous bind for a known principal if invalid security credentials are presented. This is not supported.");
}
catch (javax.naming.AuthenticationException ax)
{
logger.info("LDAP server does not fall back to anonymous bind for known principal and invalid credentials at " + env.get(Context.PROVIDER_URL));
}
catch (NamingException nx)
{
// already donw
}
}
}
}
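Review bot: The `InitialDirContext` instances created by the probes in `afterPropertiesSet` are never closed, so every bind that succeeds (the anonymous check at least, when the server permits it) leaves an LDAP connection open until the object is collected. Keep the reference and close it, e.g. `InitialDirContext probe = new InitialDirContext(env);` followed by `probe.close();` before the warn or the throw. The last probe also binds as the configured principal with a deliberately wrong password on every start-up; on a directory with a lockout policy, repeated restarts could count against that account, so this check probably deserves a configuration switch or at least a comment saying so. In the second to fourth probes a generic `NamingException` is logged at info (or ignored) and start-up continues, which means those checks pass silently if the bind fails for an unrelated reason.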


@@ -1,334 +1,342 @@
/*
* Copyright (C) 2005-2006 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.authentication.ldap;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.Writer;
import java.util.Collection;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.transaction.UserTransaction;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.importer.ExportSource;
import org.alfresco.repo.importer.ExportSourceImporterException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dom4j.io.OutputFormat;
import org.dom4j.io.XMLWriter;
import org.springframework.context.ApplicationContext;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.AttributesImpl;
public class LDAPPersonExportSource implements ExportSource
{
private static Log s_logger = LogFactory.getLog(LDAPPersonExportSource.class);
private String personQuery = "(objectclass=inetOrgPerson)";
private String searchBase;
private String userIdAttributeName;
private LDAPInitialDirContextFactory ldapInitialContextFactory;
private PersonService personService;
private Map<String, String> attributeMapping;
private NamespaceService namespaceService;
private String defaultHomeFolder;
public LDAPPersonExportSource()
{
super();
}
public void setPersonQuery(String personQuery)
{
this.personQuery = personQuery;
}
public void setSearchBase(String searchBase)
{
this.searchBase = searchBase;
}
public void setUserIdAttributeName(String userIdAttributeName)
{
this.userIdAttributeName = userIdAttributeName;
}
public void setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory ldapInitialDirContextFactory)
{
this.ldapInitialContextFactory = ldapInitialDirContextFactory;
}
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
public void setDefaultHomeFolder(String defaultHomeFolder)
{
this.defaultHomeFolder = defaultHomeFolder;
}
public void setNamespaceService(NamespaceService namespaceService)
{
this.namespaceService = namespaceService;
}
public void setAttributeMapping(Map<String, String> attributeMapping)
{
this.attributeMapping = attributeMapping;
}
public void generateExport(XMLWriter writer)
{
QName nodeUUID = QName.createQName("sys:node-uuid", namespaceService);
Collection<String> prefixes = namespaceService.getPrefixes();
QName childQName = QName.createQName(NamespaceService.REPOSITORY_VIEW_PREFIX, "childName", namespaceService);
try
{
AttributesImpl attrs = new AttributesImpl();
attrs.addAttribute(NamespaceService.REPOSITORY_VIEW_1_0_URI, childQName.getLocalName(), childQName
.toPrefixString(), null, ContentModel.TYPE_PERSON.toPrefixString(namespaceService));
writer.startDocument();
for (String prefix : prefixes)
{
if (!prefix.equals("xml"))
{
String uri = namespaceService.getNamespaceURI(prefix);
writer.startPrefixMapping(prefix, uri);
}
}
writer.startElement(NamespaceService.REPOSITORY_VIEW_PREFIX, "view",
NamespaceService.REPOSITORY_VIEW_PREFIX + ":" + "view", new AttributesImpl());
InitialDirContext ctx = null;
try
{
ctx = ldapInitialContextFactory.getDefaultIntialDirContext();
// Authentication has been successful.
// Set the current user, they are now authenticated.
SearchControls userSearchCtls = new SearchControls();
userSearchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
userSearchCtls.setCountLimit(Integer.MAX_VALUE);
NamingEnumeration searchResults = ctx.search(searchBase, personQuery, userSearchCtls);
while (searchResults.hasMoreElements())
{
SearchResult result = (SearchResult) searchResults.next();
Attributes attributes = result.getAttributes();
Attribute uidAttribute = attributes.get(userIdAttributeName);
if (uidAttribute == null)
{
throw new ExportSourceImporterException(
"User returned by user search does not have mandatory user id attribute " + attributes);
}
String uid = (String) uidAttribute.get(0);
if (s_logger.isDebugEnabled())
{
s_logger.debug("Adding user for " + uid);
}
writer.startElement(ContentModel.TYPE_PERSON.getNamespaceURI(), ContentModel.TYPE_PERSON
.getLocalName(), ContentModel.TYPE_PERSON.toPrefixString(namespaceService), attrs);
// permissions
// owner
writer.startElement(ContentModel.ASPECT_OWNABLE.getNamespaceURI(), ContentModel.ASPECT_OWNABLE
.getLocalName(), ContentModel.ASPECT_OWNABLE.toPrefixString(namespaceService),
new AttributesImpl());
writer.endElement(ContentModel.ASPECT_OWNABLE.getNamespaceURI(), ContentModel.ASPECT_OWNABLE
.getLocalName(), ContentModel.ASPECT_OWNABLE.toPrefixString(namespaceService));
writer.startElement(ContentModel.PROP_OWNER.getNamespaceURI(), ContentModel.PROP_OWNER
.getLocalName(), ContentModel.PROP_OWNER.toPrefixString(namespaceService),
new AttributesImpl());
writer.characters(uid.toCharArray(), 0, uid.length());
writer.endElement(ContentModel.PROP_OWNER.getNamespaceURI(),
ContentModel.PROP_OWNER.getLocalName(), ContentModel.PROP_OWNER
.toPrefixString(namespaceService));
for (String key : attributeMapping.keySet())
{
QName keyQName = QName.createQName(key, namespaceService);
writer.startElement(keyQName.getNamespaceURI(), keyQName.getLocalName(), keyQName
.toPrefixString(namespaceService), new AttributesImpl());
// cater for null
String attributeName = attributeMapping.get(key);
if (attributeName != null)
{
Attribute attribute = attributes.get(attributeName);
if (attribute != null)
{
String value = (String) attribute.get(0);
if (value != null)
{
writer.characters(value.toCharArray(), 0, value.length());
}
}
}
writer.endElement(keyQName.getNamespaceURI(), keyQName.getLocalName(), keyQName
.toPrefixString(namespaceService));
}
// Default home folder
if (!(attributeMapping.keySet().contains(ContentModel.PROP_HOMEFOLDER.toString()) || attributeMapping
.keySet().contains(ContentModel.PROP_HOMEFOLDER.toPrefixString(namespaceService))))
{
// Only if we are creating the person for the first time
if (!personService.personExists(uid))
{
writer.startElement(ContentModel.PROP_HOMEFOLDER.getNamespaceURI(),
ContentModel.PROP_HOMEFOLDER.getLocalName(), ContentModel.PROP_HOMEFOLDER
.toPrefixString(namespaceService), new AttributesImpl());
if (defaultHomeFolder != null)
{
writer.characters(defaultHomeFolder.toCharArray(), 0, defaultHomeFolder.length());
}
writer.endElement(ContentModel.PROP_HOMEFOLDER.getNamespaceURI(),
ContentModel.PROP_HOMEFOLDER.getLocalName(), ContentModel.PROP_HOMEFOLDER
.toPrefixString(namespaceService));
}
}
if (personService.personExists(uid))
{
String uguid = personService.getPerson(uid).getId();
writer.startElement(nodeUUID.getNamespaceURI(), nodeUUID.getLocalName(), nodeUUID
.toPrefixString(namespaceService), new AttributesImpl());
writer.characters(uguid.toCharArray(), 0, uguid.length());
writer.endElement(nodeUUID.getNamespaceURI(), nodeUUID.getLocalName(), nodeUUID
.toPrefixString(namespaceService));
}
writer.endElement(ContentModel.TYPE_PERSON.getNamespaceURI(), ContentModel.TYPE_PERSON
.getLocalName(), ContentModel.TYPE_PERSON.toPrefixString(namespaceService));
}
}
catch (NamingException e)
{
throw new ExportSourceImporterException("Failed to import people.", e);
}
finally
{
if (ctx != null)
{
try
{
ctx.close();
}
catch (NamingException e)
{
throw new ExportSourceImporterException("Failed to import people.", e);
}
}
}
for (String prefix : prefixes)
{
if (!prefix.equals("xml"))
{
writer.endPrefixMapping(prefix);
}
}
writer.endElement(NamespaceService.REPOSITORY_VIEW_PREFIX, "view", NamespaceService.REPOSITORY_VIEW_PREFIX
+ ":" + "view");
writer.endDocument();
}
catch (SAXException e)
{
throw new ExportSourceImporterException("Failed to create file for import.", e);
}
}
public static void main(String[] args) throws Exception
{
ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
ExportSource source = (ExportSource) ctx.getBean("ldapPeopleExportSource");
TransactionService txs = (TransactionService) ctx.getBean("transactionComponent");
UserTransaction tx = txs.getUserTransaction();
tx.begin();
File file = new File(args[0]);
Writer writer = new BufferedWriter(new FileWriter(file));
XMLWriter xmlWriter = createXMLExporter(writer);
source.generateExport(xmlWriter);
xmlWriter.close();
tx.commit();
}
private static XMLWriter createXMLExporter(Writer writer)
{
// Define output format
OutputFormat format = OutputFormat.createPrettyPrint();
format.setNewLineAfterDeclaration(false);
format.setIndentSize(3);
format.setEncoding("UTF-8");
// Construct an XML Exporter
XMLWriter xmlWriter = new XMLWriter(writer, format);
return xmlWriter;
}
}
/*
* Copyright (C) 2005-2006 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.authentication.ldap;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.Writer;
import java.util.Collection;
import java.util.Map;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.transaction.UserTransaction;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.importer.ExportSource;
import org.alfresco.repo.importer.ExportSourceImporterException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.dom4j.io.OutputFormat;
import org.dom4j.io.XMLWriter;
import org.springframework.context.ApplicationContext;
import org.xml.sax.SAXException;
import org.xml.sax.helpers.AttributesImpl;
public class LDAPPersonExportSource implements ExportSource
{
private static Log s_logger = LogFactory.getLog(LDAPPersonExportSource.class);
private String personQuery = "(objectclass=inetOrgPerson)";
private String searchBase;
private String userIdAttributeName;
private LDAPInitialDirContextFactory ldapInitialContextFactory;
private PersonService personService;
private Map<String, String> attributeMapping;
private NamespaceService namespaceService;
private Map<String, String> attributeDefaults;
private boolean errorOnMissingUID;
public LDAPPersonExportSource()
{
super();
}
public void setPersonQuery(String personQuery)
{
this.personQuery = personQuery;
}
public void setSearchBase(String searchBase)
{
this.searchBase = searchBase;
}
public void setUserIdAttributeName(String userIdAttributeName)
{
this.userIdAttributeName = userIdAttributeName;
}
public void setLDAPInitialDirContextFactory(LDAPInitialDirContextFactory ldapInitialDirContextFactory)
{
this.ldapInitialContextFactory = ldapInitialDirContextFactory;
}
public void setPersonService(PersonService personService)
{
this.personService = personService;
}
public void setAttributeDefaults(Map<String, String> attributeDefaults)
{
this.attributeDefaults = attributeDefaults;
}
public void setNamespaceService(NamespaceService namespaceService)
{
this.namespaceService = namespaceService;
}
public void setAttributeMapping(Map<String, String> attributeMapping)
{
this.attributeMapping = attributeMapping;
}
public void setErrorOnMissingUID(boolean errorOnMissingUID)
{
this.errorOnMissingUID = errorOnMissingUID;
}
public void generateExport(XMLWriter writer)
{
QName nodeUUID = QName.createQName("sys:node-uuid", namespaceService);
Collection<String> prefixes = namespaceService.getPrefixes();
QName childQName = QName.createQName(NamespaceService.REPOSITORY_VIEW_PREFIX, "childName", namespaceService);
try
{
AttributesImpl attrs = new AttributesImpl();
attrs.addAttribute(NamespaceService.REPOSITORY_VIEW_1_0_URI, childQName.getLocalName(), childQName
.toPrefixString(), null, ContentModel.TYPE_PERSON.toPrefixString(namespaceService));
writer.startDocument();
for (String prefix : prefixes)
{
if (!prefix.equals("xml"))
{
String uri = namespaceService.getNamespaceURI(prefix);
writer.startPrefixMapping(prefix, uri);
}
}
writer.startElement(NamespaceService.REPOSITORY_VIEW_PREFIX, "view",
NamespaceService.REPOSITORY_VIEW_PREFIX + ":" + "view", new AttributesImpl());
InitialDirContext ctx = null;
try
{
ctx = ldapInitialContextFactory.getDefaultIntialDirContext();
// Authentication has been successful.
// Set the current user, they are now authenticated.
SearchControls userSearchCtls = new SearchControls();
userSearchCtls.setSearchScope(SearchControls.SUBTREE_SCOPE);
userSearchCtls.setCountLimit(Integer.MAX_VALUE);
NamingEnumeration searchResults = ctx.search(searchBase, personQuery, userSearchCtls);
while (searchResults.hasMoreElements())
{
SearchResult result = (SearchResult) searchResults.next();
Attributes attributes = result.getAttributes();
Attribute uidAttribute = attributes.get(userIdAttributeName);
if (uidAttribute == null)
{
if(errorOnMissingUID)
{
throw new ExportSourceImporterException(
"User returned by user search does not have mandatory user id attribute " + attributes);
}
else
{
s_logger.warn("User returned by user search does not have mandatory user id attribute " + attributes);
continue;
}
}
String uid = (String) uidAttribute.get(0);
if (s_logger.isDebugEnabled())
{
s_logger.debug("Adding user for " + uid);
}
writer.startElement(ContentModel.TYPE_PERSON.getNamespaceURI(), ContentModel.TYPE_PERSON
.getLocalName(), ContentModel.TYPE_PERSON.toPrefixString(namespaceService), attrs);
// permissions
// owner
writer.startElement(ContentModel.ASPECT_OWNABLE.getNamespaceURI(), ContentModel.ASPECT_OWNABLE
.getLocalName(), ContentModel.ASPECT_OWNABLE.toPrefixString(namespaceService),
new AttributesImpl());
writer.endElement(ContentModel.ASPECT_OWNABLE.getNamespaceURI(), ContentModel.ASPECT_OWNABLE
.getLocalName(), ContentModel.ASPECT_OWNABLE.toPrefixString(namespaceService));
writer.startElement(ContentModel.PROP_OWNER.getNamespaceURI(), ContentModel.PROP_OWNER
.getLocalName(), ContentModel.PROP_OWNER.toPrefixString(namespaceService),
new AttributesImpl());
writer.characters(uid.toCharArray(), 0, uid.length());
writer.endElement(ContentModel.PROP_OWNER.getNamespaceURI(),
ContentModel.PROP_OWNER.getLocalName(), ContentModel.PROP_OWNER
.toPrefixString(namespaceService));
for (String key : attributeMapping.keySet())
{
QName keyQName = QName.createQName(key, namespaceService);
writer.startElement(keyQName.getNamespaceURI(), keyQName.getLocalName(), keyQName
.toPrefixString(namespaceService), new AttributesImpl());
// cater for null
String attributeName = attributeMapping.get(key);
if (attributeName != null)
{
Attribute attribute = attributes.get(attributeName);
if (attribute != null)
{
String value = (String) attribute.get(0);
if (value != null)
{
writer.characters(value.toCharArray(), 0, value.length());
}
}
else
{
String defaultValue = attributeDefaults.get(key);
if(defaultValue != null)
{
writer.characters(defaultValue.toCharArray(), 0, defaultValue.length());
}
}
}
else
{
String defaultValue = attributeDefaults.get(key);
if(defaultValue != null)
{
writer.characters(defaultValue.toCharArray(), 0, defaultValue.length());
}
}
writer.endElement(keyQName.getNamespaceURI(), keyQName.getLocalName(), keyQName
.toPrefixString(namespaceService));
}
if (personService.personExists(uid))
{
String uguid = personService.getPerson(uid).getId();
writer.startElement(nodeUUID.getNamespaceURI(), nodeUUID.getLocalName(), nodeUUID
.toPrefixString(namespaceService), new AttributesImpl());
writer.characters(uguid.toCharArray(), 0, uguid.length());
writer.endElement(nodeUUID.getNamespaceURI(), nodeUUID.getLocalName(), nodeUUID
.toPrefixString(namespaceService));
}
writer.endElement(ContentModel.TYPE_PERSON.getNamespaceURI(), ContentModel.TYPE_PERSON
.getLocalName(), ContentModel.TYPE_PERSON.toPrefixString(namespaceService));
}
}
catch (NamingException e)
{
throw new ExportSourceImporterException("Failed to import people.", e);
}
finally
{
if (ctx != null)
{
try
{
ctx.close();
}
catch (NamingException e)
{
throw new ExportSourceImporterException("Failed to import people.", e);
}
}
}
for (String prefix : prefixes)
{
if (!prefix.equals("xml"))
{
writer.endPrefixMapping(prefix);
}
}
writer.endElement(NamespaceService.REPOSITORY_VIEW_PREFIX, "view", NamespaceService.REPOSITORY_VIEW_PREFIX
+ ":" + "view");
writer.endDocument();
}
catch (SAXException e)
{
throw new ExportSourceImporterException("Failed to create file for import.", e);
}
}
public static void main(String[] args) throws Exception
{
ApplicationContext ctx = ApplicationContextHelper.getApplicationContext();
ExportSource source = (ExportSource) ctx.getBean("ldapPeopleExportSource");
TransactionService txs = (TransactionService) ctx.getBean("transactionComponent");
UserTransaction tx = txs.getUserTransaction();
tx.begin();
File file = new File(args[0]);
Writer writer = new BufferedWriter(new FileWriter(file));
XMLWriter xmlWriter = createXMLExporter(writer);
source.generateExport(xmlWriter);
xmlWriter.close();
tx.commit();
}
private static XMLWriter createXMLExporter(Writer writer)
{
// Define output format
OutputFormat format = OutputFormat.createPrettyPrint();
format.setNewLineAfterDeclaration(false);
format.setIndentSize(3);
format.setEncoding("UTF-8");
// Construct an XML Exporter
XMLWriter xmlWriter = new XMLWriter(writer, format);
return xmlWriter;
}
}


@@ -531,6 +531,9 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
authSess = m_passthruServers.openSession();
if ( authSess == null)
throw new AuthenticationException("Failed to open session to passthru server");
// Authenticate using the credentials supplied
authenticateLocal(ntlmToken, authSess);
@@ -748,6 +751,11 @@ public class NTLMAuthenticationComponentImpl extends AbstractAuthenticationCompo
authSess = m_passthruServers.openSession();
// Check if the session was opened to the passthru server
if ( authSess == null)
throw new AuthenticationServiceException("Failed to open passthru auth session");
ntlmToken.setAuthenticationExpireTime(System.currentTimeMillis() + getSessionTimeout());
// Get the challenge from the initial session negotiate stage
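Review bot: The two new null checks on `authSess` report the same failure with different exception types: the first hunk throws `AuthenticationException`, the second throws `AuthenticationServiceException`. A passthru server that cannot be reached is an infrastructure fault rather than a rejected credential. If callers treat `AuthenticationException` as a bad-password outcome (not visible here), the first site would record outages as failed logins. Consider the service-level type at both sites, `throw new AuthenticationServiceException("Failed to open session to passthru server");`, provided the first method's callers accept it. Both enclosing methods start and end outside the hunks.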


@@ -26,30 +26,34 @@ import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.PermissionService;
import org.springframework.beans.factory.InitializingBean;
/**
* LockOwnerDynamicAuthority
*/
public class LockOwnerDynamicAuthority implements DynamicAuthority, InitializingBean
{
private LockService lockService;
private NodeService nodeService;
public LockOwnerDynamicAuthority()
{
super();
}
public boolean hasAuthority(NodeRef nodeRef, String userName)
{
if(lockService.getLockStatus(nodeRef) == LockStatus.LOCK_OWNER)
if (lockService.getLockStatus(nodeRef) == LockStatus.LOCK_OWNER)
{
return true;
}
if(nodeService.hasAspect(nodeRef, ContentModel.ASPECT_WORKING_COPY))
if (nodeService.hasAspect(nodeRef, ContentModel.ASPECT_WORKING_COPY))
{
NodeRef originial = DefaultTypeConverter.INSTANCE.convert(NodeRef.class, nodeService.getProperty(nodeRef, ContentModel.PROP_COPY_REFERENCE));
return (lockService.getLockStatus(originial) == LockStatus.LOCK_OWNER);
NodeRef original = DefaultTypeConverter.INSTANCE.convert(
NodeRef.class, nodeService.getProperty(nodeRef, ContentModel.PROP_COPY_REFERENCE));
if (nodeService.exists(original))
{
return (lockService.getLockStatus(original) == LockStatus.LOCK_OWNER);
}
else
{
return false;
}
}
else
{
@@ -80,12 +84,8 @@ public class LockOwnerDynamicAuthority implements DynamicAuthority, Initializing
this.lockService = lockService;
}
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
}
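Review bot: In the working-copy branch of `hasAuthority`, `original` reaches `nodeService.exists(...)` without a null check. It will be null when a node has the working-copy aspect but no `PROP_COPY_REFERENCE` value, assuming the converter maps a null property to null. Because this method decides whether the lock-owner authority applies, it should fail closed instead of depending on how `exists` treats null: `if (original != null && nodeService.exists(original))`. Separately, the `userName` argument is not used in the visible lines, so the result appears to follow whichever user `lockService.getLockStatus` evaluates; a comment stating that would help. The method's final `else` branch lies outside the hunk.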


@@ -22,6 +22,7 @@ import org.alfresco.repo.security.permissions.PermissionEntry;
import org.alfresco.repo.security.permissions.PermissionReference;
import org.alfresco.repo.security.permissions.impl.AbstractPermissionTest;
import org.alfresco.repo.security.permissions.impl.SimplePermissionReference;
import org.alfresco.repo.security.permissions.impl.RequiredPermission.On;
import org.alfresco.service.namespace.QName;
public class PermissionModelTest extends AbstractPermissionTest
@@ -32,12 +33,21 @@ public class PermissionModelTest extends AbstractPermissionTest
super();
}
public void testWoof()
{
QName typeQname = nodeService.getType(rootNodeRef);
Set<QName> aspectQNames = nodeService.getAspects(rootNodeRef);
PermissionReference ref = permissionModelDAO.getPermissionReference(null, "CheckOut");
Set<PermissionReference> answer = permissionModelDAO.getRequiredPermissions(ref, typeQname, aspectQNames, On.NODE);
assertEquals(1, answer.size());
}
public void testIncludePermissionGroups()
{
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(new SimplePermissionReference(QName.createQName("cm", "cmobject",
namespacePrefixResolver), "Consumer"));
assertEquals(5, grantees.size());
assertEquals(8, grantees.size());
}
public void testIncludePermissionGroups2()
@@ -45,7 +55,7 @@ public class PermissionModelTest extends AbstractPermissionTest
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(new SimplePermissionReference(QName.createQName("cm", "cmobject",
namespacePrefixResolver), "Contributor"));
assertEquals(11, grantees.size());
assertEquals(17, grantees.size());
}
public void testIncludePermissionGroups3()
@@ -53,7 +63,7 @@ public class PermissionModelTest extends AbstractPermissionTest
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(new SimplePermissionReference(QName.createQName("cm", "cmobject",
namespacePrefixResolver), "Editor"));
assertEquals(11, grantees.size());
assertEquals(17, grantees.size());
}
public void testIncludePermissionGroups4()
@@ -61,14 +71,34 @@ public class PermissionModelTest extends AbstractPermissionTest
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(new SimplePermissionReference(QName.createQName("cm", "cmobject",
namespacePrefixResolver), "Collaborator"));
assertEquals(16, grantees.size());
assertEquals(24, grantees.size());
}
public void testIncludePermissionGroups5()
{
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(new SimplePermissionReference(QName.createQName("cm", "cmobject",
namespacePrefixResolver), "Coordinator"));
assertEquals(59, grantees.size());
}
public void testIncludePermissionGroups6()
{
Set<PermissionReference> grantees = permissionModelDAO.getGranteePermissions(new SimplePermissionReference(QName.createQName("cm", "cmobject",
namespacePrefixResolver), "RecordAdministrator"));
assertEquals(19, grantees.size());
}
public void testGetGrantingPermissions()
{
Set<PermissionReference> granters = permissionModelDAO.getGrantingPermissions(new SimplePermissionReference(QName.createQName("sys", "base",
namespacePrefixResolver), "ReadProperties"));
assertEquals(9, granters.size());
assertEquals(10, granters.size());
granters = permissionModelDAO.getGrantingPermissions(new SimplePermissionReference(QName.createQName("sys", "base",
namespacePrefixResolver), "_ReadProperties"));
assertEquals(11, granters.size());
}
public void testGlobalPermissions()
@@ -76,4 +106,5 @@ public class PermissionModelTest extends AbstractPermissionTest
Set<? extends PermissionEntry> globalPermissions = permissionModelDAO.getGlobalPermissionEntries();
assertEquals(5, globalPermissions.size());
}
}
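Review bot: The updated assertions pin only the size of each permission set (for example `assertEquals(8, grantees.size())`, going by the old-then-new print order on this page). A model change that swaps one granted permission for another of the same count would therefore still pass. For the roles whose totals changed here (Consumer, Contributor, Editor, Collaborator), also assert membership of the permissions that were deliberately added, and the absence of one the role must not carry. `testWoof` should be renamed to say what it checks, for example `testCheckOutRequiredPermissions`, and should assert which permission is required, not only that there is exactly one.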


@@ -0,0 +1,439 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.person;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.service.ServiceRegistry;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.security.PermissionService;
import org.springframework.beans.factory.BeanNameAware;
import org.springframework.beans.factory.InitializingBean;
/**
* Common support for creating home folders This is hooked into node creation events from Person type objects via the homeFolderManager. Provider must all be wired up to the
* homeFolderManager.
*
* @author Andy Hind
*/
public abstract class AbstractHomeFolderProvider implements HomeFolderProvider, BeanNameAware, InitializingBean
{
/**
* The provider name
*/
private String name;
/**
* The home folder manager
*/
private HomeFolderManager homeFolderManager;
/**
* The store ref in which to conduct searches
*/
private StoreRef storeRef;
/**
* Service registry to get hold of public services (so taht actions are audited)
*/
private ServiceRegistry serviceRegistry;
/**
* The path to a folder
*/
private String path;
/**
* Cache the result of the path look up.
*/
private NodeRef pathNodeRef;
/**
* The owner to set on creation of a home folder (if unset this will be the uid).
*/
private String ownerOnCreate;
/**
* Set if permissions are inherited when nodes are created.
*/
private boolean inheritsPermissionsOnCreate = false;
/**
* A set of permissions to set for the owner when a home folder is created
*/
private Set<String> ownerPemissionsToSetOnCreate;
/**
* General permissions to set on the node Map<(String)uid, Set<(String)permission>>.
*/
private Map<String, Set<String>> permissionsToSetOnCreate;
/**
* Permissions to set for the user - on create and reference.
*/
private Set<String> userPemissions;
/**
* Clear existing permissions on new home folders (useful of created from a template.
*/
private boolean clearExistingPermissionsOnCreate = false;
public AbstractHomeFolderProvider()
{
super();
}
/**
* Register with the homeFolderManagewr
*/
public void afterPropertiesSet() throws Exception
{
homeFolderManager.addProvider(this);
}
// === //
// IOC //
// === //
/**
* Get the home folder manager.
*/
protected HomeFolderManager getHomeFolderManager()
{
return homeFolderManager;
}
/**
* Set the home folder manager.
*
* @param homeFolderManager
*/
public void setHomeFolderManager(HomeFolderManager homeFolderManager)
{
this.homeFolderManager = homeFolderManager;
}
/**
* Get the provider name
*/
public String getName()
{
return name;
}
/**
* The provider name is taken from the bean name
*/
public void setBeanName(String name)
{
this.name = name;
}
/**
* Get the path
*
* @return
*/
protected String getPath()
{
return path;
}
/**
* Set the path
*
* @param path
*/
public void setPath(String path)
{
this.path = path;
}
/**
* Get the store ref
*
* @return
*/
protected StoreRef getStoreRef()
{
return storeRef;
}
/**
* Set the store ref
*
* @param storeRef
*/
public void setStoreRef(StoreRef storeRef)
{
this.storeRef = storeRef;
}
/**
* Set the store from the string url.
*
* @param storeUrl
*/
public void setStoreUrl(String storeUrl)
{
this.storeRef = new StoreRef(storeUrl);
}
/**
* Get the service registry.
*
* @return
*/
protected ServiceRegistry getServiceRegistry()
{
return serviceRegistry;
}
/**
* Set the service registry.
*
* @param serviceRegistry
*/
public void setServiceRegistry(ServiceRegistry serviceRegistry)
{
this.serviceRegistry = serviceRegistry;
}
/**
* Inherit permissions when home folder are created?
*
* @param inheritsPermissionsOnCreate
*/
public void setInheritsPermissionsOnCreate(boolean inheritsPermissionsOnCreate)
{
this.inheritsPermissionsOnCreate = inheritsPermissionsOnCreate;
}
/**
* The owner to set on create.
*
* @param ownerOnCreate
*/
public void setOwnerOnCreate(String ownerOnCreate)
{
this.ownerOnCreate = ownerOnCreate;
}
/**
* The owner permissions to set on create.
*
* @param ownerPemissionsToSetOnCreate
*/
public void setOwnerPemissionsToSetOnCreate(Set<String> ownerPemissionsToSetOnCreate)
{
this.ownerPemissionsToSetOnCreate = ownerPemissionsToSetOnCreate;
}
/**
* General permissions to set on create.
*
* @param permissionsToSetOnCreate
*/
public void setPermissionsToSetOnCreate(Map<String, Set<String>> permissionsToSetOnCreate)
{
this.permissionsToSetOnCreate = permissionsToSetOnCreate;
}
/**
* User permissions to set on create and on reference.
*
* @param userPemissions
*/
public void setUserPemissions(Set<String> userPemissions)
{
this.userPemissions = userPemissions;
}
/**
* Clear exising permissions on create. Useful to clear permissions from a template.
*
* @param clearExistingPermissionsOnCreate
*/
public void setClearExistingPermissionsOnCreate(boolean clearExistingPermissionsOnCreate)
{
this.clearExistingPermissionsOnCreate = clearExistingPermissionsOnCreate;
}
/**
* Cache path to node resolution/
*
* @return
*/
protected synchronized NodeRef getPathNodeRef()
{
if (pathNodeRef == null)
{
pathNodeRef = resolvePath(path);
}
return pathNodeRef;
}
/**
* Utility metho to resolve paths to nodes.
*
* @param pathToResolve
* @return
*/
protected NodeRef resolvePath(String pathToResolve)
{
List<NodeRef> refs = serviceRegistry.getSearchService().selectNodes(
serviceRegistry.getNodeService().getRootNode(storeRef), pathToResolve, null,
serviceRegistry.getNamespaceService(), false);
if (refs.size() != 1)
{
throw new IllegalStateException("Non-unique path: found : " + pathToResolve + " " + refs.size());
}
return refs.get(0);
}
/**
* The implementation of the policy binding. Run as the system user for auditing.
*/
public void onCreateNode(ChildAssociationRef childAssocRef)
{
AuthenticationUtil.RunAsWork<NodeRef> action = new OnCreateNode(childAssocRef);
AuthenticationUtil.runAs(action, AuthenticationUtil.getSystemUserName());
}
/**
* Abstract implementation to find/create the approriate home space.
*
* @param person
* @return
*/
protected abstract HomeSpaceNodeRef getHomeFolder(NodeRef person);
/**
* Helper class to encapsulate the createion settinhg permissions etc
*
* @author Andy Hind
*/
private class OnCreateNode implements AuthenticationUtil.RunAsWork<NodeRef>
{
ChildAssociationRef childAssocRef;
OnCreateNode(ChildAssociationRef childAssocRef)
{
this.childAssocRef = childAssocRef;
}
public NodeRef doWork() throws Exception
{
// Find person
NodeRef personNodeRef = childAssocRef.getChildRef();
// Get home folder
HomeSpaceNodeRef homeFolder = getHomeFolder(personNodeRef);
// If it exists
if (homeFolder.getNodeRef() != null)
{
// Get uid and keep
String uid = DefaultTypeConverter.INSTANCE.convert(String.class, serviceRegistry.getNodeService()
.getProperty(personNodeRef, ContentModel.PROP_USERNAME));
// If created or found then set (other wise it was already set correctly)
if (homeFolder.getStatus() != HomeSpaceNodeRef.Status.VALID)
{
serviceRegistry.getNodeService().setProperty(personNodeRef, ContentModel.PROP_HOMEFOLDER,
homeFolder.getNodeRef());
}
// If created..
if (homeFolder.getStatus() == HomeSpaceNodeRef.Status.CREATED)
{
// Set to a specified owner or make owned by the person.
if (ownerOnCreate != null)
{
serviceRegistry.getOwnableService().setOwner(homeFolder.getNodeRef(), ownerOnCreate);
}
else
{
serviceRegistry.getOwnableService().setOwner(homeFolder.getNodeRef(), uid);
}
// clear permissions - useful of not required from a template
if (clearExistingPermissionsOnCreate)
{
serviceRegistry.getPermissionService().deletePermissions(homeFolder.getNodeRef());
}
// inherit permissions
serviceRegistry.getPermissionService().setInheritParentPermissions(homeFolder.getNodeRef(),
inheritsPermissionsOnCreate);
// Set owner permissions
if (ownerPemissionsToSetOnCreate != null)
{
for (String permission : ownerPemissionsToSetOnCreate)
{
serviceRegistry.getPermissionService().setPermission(homeFolder.getNodeRef(),
PermissionService.OWNER_AUTHORITY, permission, true);
}
}
// Add other permissions
if (permissionsToSetOnCreate != null)
{
for (String user : permissionsToSetOnCreate.keySet())
{
Set<String> set = permissionsToSetOnCreate.get(user);
if (set != null)
{
for (String permission : set)
{
serviceRegistry.getPermissionService().setPermission(homeFolder.getNodeRef(), user,
permission, true);
}
}
}
}
}
// Add user permissions on create and reference
if (userPemissions != null)
{
for (String permission : userPemissions)
{
serviceRegistry.getPermissionService().setPermission(homeFolder.getNodeRef(), uid, permission,
true);
}
}
}
return homeFolder.getNodeRef();
}
}
}
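Review bot: In `OnCreateNode.doWork`, the `userPemissions` loop sits outside both status checks, so it also runs when `getHomeFolder` returns `Status.VALID`, although the field comment says "on create and reference". With `ExistingPathBasedHomeFolderProvider`, a VALID result is whatever node the new person's `PROP_HOMEFOLDER` property already names. The grant is made under the system user through `runAs`, so the permissions of whoever created the person are not what authorises it. Unless person creation is restricted to administrators elsewhere (not visible here), guard the loop: `if (userPemissions != null && homeFolder.getStatus() != HomeSpaceNodeRef.Status.VALID)`. `uid` is also passed to `setOwner` and `setPermission` without a null check.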


@@ -0,0 +1,37 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.person;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* Provider to use in the boostrap process - does nothing
*
* Probably not required as behaviour/policies are disabled during normal import.
*
* @author Andy Hind
*/
public class BootstrapHomeFolderProvider extends AbstractHomeFolderProvider
{
@Override
protected HomeSpaceNodeRef getHomeFolder(NodeRef person)
{
return new HomeSpaceNodeRef(null, HomeSpaceNodeRef.Status.VALID);
}
}


@@ -0,0 +1,50 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.person;
import org.alfresco.model.ContentModel;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
/**
* Set a home space from a simple path.
*
* @author Andy Hind
*/
public class ExistingPathBasedHomeFolderProvider extends AbstractHomeFolderProvider
{
public ExistingPathBasedHomeFolderProvider()
{
super();
}
protected HomeSpaceNodeRef getHomeFolder(NodeRef person)
{
NodeRef existingHomeFolder = DefaultTypeConverter.INSTANCE.convert(NodeRef.class, getServiceRegistry().getNodeService().getProperty(
person, ContentModel.PROP_HOMEFOLDER));
if (existingHomeFolder == null)
{
return new HomeSpaceNodeRef(getPathNodeRef(), HomeSpaceNodeRef.Status.REFERENCED);
}
else
{
return new HomeSpaceNodeRef(existingHomeFolder, HomeSpaceNodeRef.Status.VALID);
}
}
}
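Review bot: `getHomeFolder` returns the stored `PROP_HOMEFOLDER` reference as `Status.VALID` without checking that the node still exists, so a dangling reference is reported as a usable home folder and later passed to the permission calls. `LockOwnerDynamicAuthority` in this same commit gained a `nodeService.exists` check for exactly this kind of stored reference. One option is `if (existingHomeFolder == null || !getServiceRegistry().getNodeService().exists(existingHomeFolder))`, which falls back to the configured path; whether a fallback or an error is the intended outcome is a design decision. The override also lacks the `@Override` annotation that `BootstrapHomeFolderProvider` carries.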


@@ -0,0 +1,123 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.person;
import java.util.HashMap;
import java.util.Map;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.node.NodeServicePolicies;
import org.alfresco.repo.policy.JavaBehaviour;
import org.alfresco.repo.policy.PolicyComponent;
import org.alfresco.service.cmr.repository.ChildAssociationRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.namespace.NamespaceService;
import org.alfresco.service.namespace.QName;
import org.springframework.beans.factory.InitializingBean;
/**
* Manage home folder creation by binding to events from the cm:person type.
*
* @author Andy Hind
*/
public class HomeFolderManager implements InitializingBean, NodeServicePolicies.OnCreateNodePolicy
{
private PolicyComponent policyComponent;
private NodeService nodeService;
/**
* A default provider
*/
private HomeFolderProvider defaultProvider;
/**
* Providers that have registered and are looken up by name (== bean name)
*/
private Map<String, HomeFolderProvider> providers = new HashMap<String, HomeFolderProvider>();
/**
* Bind the calss behaviour to this implementation
*/
public void afterPropertiesSet() throws Exception
{
policyComponent.bindClassBehaviour(QName.createQName(NamespaceService.ALFRESCO_URI, "onCreateNode"),
ContentModel.TYPE_PERSON, new JavaBehaviour(this, "onCreateNode"));
}
/**
* Set the policy component.
*
* @param policyComponent
*/
public void setPolicyComponent(PolicyComponent policyComponent)
{
this.policyComponent = policyComponent;
}
/**
* Set the node service.
* @param nodeService
*/
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
/**
* Register a home folder provider.
*
* @param provider
*/
public void addProvider(HomeFolderProvider provider)
{
providers.put(provider.getName(), provider);
}
/**
* Set the default home folder provider (user which none is specified or when one is not found)
* @param defaultProvider
*/
public void setDefaultProvider(HomeFolderProvider defaultProvider)
{
this.defaultProvider = defaultProvider;
}
/**
* Find the provider and call.
*/
public void onCreateNode(ChildAssociationRef childAssocRef)
{
HomeFolderProvider provider = defaultProvider;
String providerName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(childAssocRef
.getChildRef(), ContentModel.PROP_HOME_FOLDER_PROVIDER));
if (providerName != null)
{
provider = providers.get(providerName);
if (provider == null)
{
provider = defaultProvider;
}
}
if (provider != null)
{
provider.onCreateNode(childAssocRef);
}
}
}
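Review bot: In `onCreateNode`, a `PROP_HOME_FOLDER_PROVIDER` value that matches no registered provider silently falls back to `defaultProvider`, and if that is also null the person gets no home folder handling at all. The provider decides ownership and permissions on the home folder, so a misspelt bean name in a person record or import file would apply a different permission policy with no trace. Log the fallback at warn level (the class has no logger yet, so one would need adding), and document on `setDefaultProvider` that it covers unknown names as well as missing ones. `providers` is a plain `HashMap`, which is safe only if `addProvider` is called solely during bean initialisation; a comment saying so would help.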


@@ -0,0 +1,34 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.person;
import org.alfresco.repo.node.NodeServicePolicies;
/**
* Interface for home folder providers.
*
* @author Andy Hind
*/
public interface HomeFolderProvider extends NodeServicePolicies.OnCreateNodePolicy
{
/**
* Get the name of the provider.
*
* @return
*/
public String getName();
}


@@ -0,0 +1,53 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.person;
import org.alfresco.service.cmr.repository.NodeRef;
/**
* A ref to a home folder
* - the node ref
* - a simple status as to how it was obtained
*
* @author Andy Hind
*/
public class HomeSpaceNodeRef
{
public enum Status{VALID, REFERENCED, CREATED};
private NodeRef nodeRef;
private Status status;
public HomeSpaceNodeRef(NodeRef nodeRef, Status status)
{
this.nodeRef = nodeRef;
this.status = status;
}
NodeRef getNodeRef()
{
return nodeRef;
}
Status getStatus()
{
return status;
}
}
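Review bot: `Status` has no documentation, yet its three values decide what a provider does to a folder's owner and permissions. Each needs a one-line comment, e.g. `// VALID: the person already had a home folder; REFERENCED: an existing folder was assigned; CREATED: a new folder was made`, to be confirmed against the providers. The class and constructor are public but `getNodeRef()` and `getStatus()` are package-private, so a provider outside `org.alfresco.repo.security.person` can build a result but not read one; make the accessors public or the constructor package-private. Both fields can be `private final`.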


@@ -1,410 +1,388 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.person;
import java.io.Serializable;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.ResultSetRow;
import org.alfresco.service.cmr.search.SearchParameters;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.QName;
public class PersonServiceImpl implements PersonService
{
public static final String SYSTEM_FOLDER = "/sys:system";
public static final String PEOPLE_FOLDER = SYSTEM_FOLDER + "/sys:people";
// IOC
private StoreRef storeRef;
private NodeService nodeService;
private SearchService searchService;
private AuthorityService authorityService;
private PermissionServiceSPI permissionServiceSPI;
private NamespacePrefixResolver namespacePrefixResolver;
private boolean createMissingPeople;
private String companyHomePath;
private NodeRef companyHomeNodeRef;
private static Set<QName> mutableProperties;
private boolean userNamesAreCaseSensitive = false;
static
{
Set<QName> props = new HashSet<QName>();
props.add(ContentModel.PROP_HOMEFOLDER);
props.add(ContentModel.PROP_FIRSTNAME);
// Middle Name
props.add(ContentModel.PROP_LASTNAME);
props.add(ContentModel.PROP_EMAIL);
props.add(ContentModel.PROP_ORGID);
mutableProperties = Collections.unmodifiableSet(props);
}
public PersonServiceImpl()
{
super();
}
public boolean getUserNamesAreCaseSensitive()
{
return userNamesAreCaseSensitive;
}
public void setUserNamesAreCaseSensitive(boolean userNamesAreCaseSensitive)
{
this.userNamesAreCaseSensitive = userNamesAreCaseSensitive;
}
public NodeRef getPerson(String userName)
{
NodeRef personNode = getPersonOrNull(userName);
if (personNode == null)
{
if (createMissingPeople())
{
return createMissingPerson(userName);
}
else
{
throw new NoSuchPersonException(userName);
}
}
else
{
return personNode;
}
}
public boolean personExists(String caseSensitiveUserName)
{
return getPersonOrNull(caseSensitiveUserName) != null;
}
public NodeRef getPersonOrNull(String searchUserName)
{
SearchParameters sp = new SearchParameters();
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\\{http\\://www.alfresco.org/model/content/1.0\\}person +@cm\\:userName:\"" + searchUserName
+ "\"");
sp.addStore(storeRef);
sp.excludeDataInTheCurrentTransaction(false);
ResultSet rs = null;
try
{
rs = searchService.query(sp);
NodeRef returnRef = null;
for (ResultSetRow row : rs)
{
NodeRef nodeRef = row.getNodeRef();
if (nodeService.exists(nodeRef))
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(
nodeRef, ContentModel.PROP_USERNAME));
if (userNamesAreCaseSensitive)
{
if (realUserName.equals(searchUserName))
{
if (returnRef == null)
{
returnRef = nodeRef;
}
else
{
throw new AlfrescoRuntimeException("Found more than one user for " + searchUserName
+ " (case sensitive)");
}
}
}
else
{
if (realUserName.equalsIgnoreCase(searchUserName))
{
if (returnRef == null)
{
returnRef = nodeRef;
}
else
{
throw new AlfrescoRuntimeException("Found more than one user for " + searchUserName
+ " (case insensitive)");
}
}
}
}
}
return returnRef;
}
finally
{
if (rs != null)
{
rs.close();
}
}
}
public boolean createMissingPeople()
{
return createMissingPeople;
}
public Set<QName> getMutableProperties()
{
return mutableProperties;
}
public void setPersonProperties(String userName, Map<QName, Serializable> properties)
{
NodeRef personNode = getPersonOrNull(userName);
if (personNode == null)
{
if (createMissingPeople())
{
personNode = createMissingPerson(userName);
}
else
{
throw new PersonException("No person found for user name " + userName);
}
}
else
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(personNode,
ContentModel.PROP_USERNAME));
properties.put(ContentModel.PROP_USERNAME, realUserName);
}
nodeService.setProperties(personNode, properties);
}
public boolean isMutable()
{
return true;
}
private NodeRef createMissingPerson(String userName)
{
HashMap<QName, Serializable> properties = getDefaultProperties(userName);
return createPerson(properties);
}
private HashMap<QName, Serializable> getDefaultProperties(String userName)
{
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USERNAME, userName);
properties.put(ContentModel.PROP_HOMEFOLDER, getHomeFolder());
properties.put(ContentModel.PROP_FIRSTNAME, userName);
properties.put(ContentModel.PROP_LASTNAME, "");
properties.put(ContentModel.PROP_EMAIL, "");
properties.put(ContentModel.PROP_ORGID, "");
return properties;
}
private NodeRef getHomeFolder()
{
return getCompanyHome();
}
public NodeRef createPerson(Map<QName, Serializable> properties)
{
String userName = DefaultTypeConverter.INSTANCE.convert(String.class, properties
.get(ContentModel.PROP_USERNAME));
properties.put(ContentModel.PROP_USERNAME, userName);
return nodeService.createNode(getPeopleContainer(), ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_PERSON,
ContentModel.TYPE_PERSON, properties).getChildRef();
}
public NodeRef getPeopleContainer()
{
NodeRef rootNodeRef = nodeService.getRootNode(storeRef);
List<NodeRef> results = searchService.selectNodes(rootNodeRef, PEOPLE_FOLDER, null, namespacePrefixResolver,
false);
if (results.size() == 0)
{
throw new AlfrescoRuntimeException("Required people system path not found: " + PEOPLE_FOLDER);
}
else
{
return results.get(0);
}
}
public void deletePerson(String userName)
{
NodeRef personNodeRef = getPersonOrNull(userName);
// delete the person
if (personNodeRef != null)
{
nodeService.deleteNode(personNodeRef);
}
// remove user from any containing authorities
Set<String> containerAuthorities = authorityService.getContainingAuthorities(null, userName, true);
for (String containerAuthority : containerAuthorities)
{
authorityService.removeAuthority(containerAuthority, userName);
}
// remove any user permissions
permissionServiceSPI.deletePermissions(userName);
}
public Set<NodeRef> getAllPeople()
{
SearchParameters sp = new SearchParameters();
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"" + ContentModel.TYPE_PERSON + "\"");
sp.addStore(storeRef);
sp.excludeDataInTheCurrentTransaction(false);
LinkedHashSet<NodeRef> nodes = new LinkedHashSet<NodeRef>();
ResultSet rs = null;
try
{
rs = searchService.query(sp);
for (ResultSetRow row : rs)
{
NodeRef nodeRef = row.getNodeRef();
if (nodeService.exists(nodeRef))
{
nodes.add(nodeRef);
}
}
}
finally
{
if (rs != null)
{
rs.close();
}
}
return nodes;
}
public void setCreateMissingPeople(boolean createMissingPeople)
{
this.createMissingPeople = createMissingPeople;
}
public void setNamespacePrefixResolver(NamespacePrefixResolver namespacePrefixResolver)
{
this.namespacePrefixResolver = namespacePrefixResolver;
}
public void setAuthorityService(AuthorityService authorityService)
{
this.authorityService = authorityService;
}
public void setPermissionServiceSPI(PermissionServiceSPI permissionServiceSPI)
{
this.permissionServiceSPI = permissionServiceSPI;
}
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
public void setSearchService(SearchService searchService)
{
this.searchService = searchService;
}
public void setStoreUrl(String storeUrl)
{
this.storeRef = new StoreRef(storeUrl);
}
public void setCompanyHomePath(String companyHomePath)
{
this.companyHomePath = companyHomePath;
}
public synchronized NodeRef getCompanyHome()
{
if (companyHomeNodeRef == null)
{
List<NodeRef> refs = searchService.selectNodes(nodeService.getRootNode(storeRef), companyHomePath, null,
namespacePrefixResolver, false);
if (refs.size() != 1)
{
throw new IllegalStateException("Invalid company home path: found : " + refs.size());
}
companyHomeNodeRef = refs.get(0);
}
return companyHomeNodeRef;
}
public String getUserIdentifier(String caseSensitiveUserName)
{
NodeRef nodeRef = getPersonOrNull(caseSensitiveUserName);
if ((nodeRef != null) && nodeService.exists(nodeRef))
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef,
ContentModel.PROP_USERNAME));
return realUserName;
}
return null;
}
// IOC Setters
}
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.person;
import java.io.Serializable;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.alfresco.error.AlfrescoRuntimeException;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.permissions.PermissionServiceSPI;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.repository.StoreRef;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
import org.alfresco.service.cmr.search.ResultSet;
import org.alfresco.service.cmr.search.ResultSetRow;
import org.alfresco.service.cmr.search.SearchParameters;
import org.alfresco.service.cmr.search.SearchService;
import org.alfresco.service.cmr.security.AuthorityService;
import org.alfresco.service.cmr.security.NoSuchPersonException;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.namespace.NamespacePrefixResolver;
import org.alfresco.service.namespace.QName;
public class PersonServiceImpl implements PersonService
{
public static final String SYSTEM_FOLDER = "/sys:system";
public static final String PEOPLE_FOLDER = SYSTEM_FOLDER + "/sys:people";
// IOC
private StoreRef storeRef;
private NodeService nodeService;
private SearchService searchService;
private AuthorityService authorityService;
private PermissionServiceSPI permissionServiceSPI;
private NamespacePrefixResolver namespacePrefixResolver;
private boolean createMissingPeople;
private static Set<QName> mutableProperties;
private boolean userNamesAreCaseSensitive = false;
private String defaultHomeFolderProvider;
static
{
Set<QName> props = new HashSet<QName>();
props.add(ContentModel.PROP_HOMEFOLDER);
props.add(ContentModel.PROP_FIRSTNAME);
// Middle Name
props.add(ContentModel.PROP_LASTNAME);
props.add(ContentModel.PROP_EMAIL);
props.add(ContentModel.PROP_ORGID);
mutableProperties = Collections.unmodifiableSet(props);
}
public PersonServiceImpl()
{
super();
}
public boolean getUserNamesAreCaseSensitive()
{
return userNamesAreCaseSensitive;
}
public void setUserNamesAreCaseSensitive(boolean userNamesAreCaseSensitive)
{
this.userNamesAreCaseSensitive = userNamesAreCaseSensitive;
}
void setDefaultHomeFolderProvider(String defaultHomeFolderProvider)
{
this.defaultHomeFolderProvider = defaultHomeFolderProvider;
}
public NodeRef getPerson(String userName)
{
NodeRef personNode = getPersonOrNull(userName);
if (personNode == null)
{
if (createMissingPeople())
{
return createMissingPerson(userName);
}
else
{
throw new NoSuchPersonException(userName);
}
}
else
{
return personNode;
}
}
public boolean personExists(String caseSensitiveUserName)
{
return getPersonOrNull(caseSensitiveUserName) != null;
}
public NodeRef getPersonOrNull(String searchUserName)
{
SearchParameters sp = new SearchParameters();
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\\{http\\://www.alfresco.org/model/content/1.0\\}person +@cm\\:userName:\"" + searchUserName
+ "\"");
sp.addStore(storeRef);
sp.excludeDataInTheCurrentTransaction(false);
ResultSet rs = null;
try
{
rs = searchService.query(sp);
NodeRef returnRef = null;
for (ResultSetRow row : rs)
{
NodeRef nodeRef = row.getNodeRef();
if (nodeService.exists(nodeRef))
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(
nodeRef, ContentModel.PROP_USERNAME));
if (userNamesAreCaseSensitive)
{
if (realUserName.equals(searchUserName))
{
if (returnRef == null)
{
returnRef = nodeRef;
}
else
{
throw new AlfrescoRuntimeException("Found more than one user for " + searchUserName
+ " (case sensitive)");
}
}
}
else
{
if (realUserName.equalsIgnoreCase(searchUserName))
{
if (returnRef == null)
{
returnRef = nodeRef;
}
else
{
throw new AlfrescoRuntimeException("Found more than one user for " + searchUserName
+ " (case insensitive)");
}
}
}
}
}
return returnRef;
}
finally
{
if (rs != null)
{
rs.close();
}
}
}
public boolean createMissingPeople()
{
return createMissingPeople;
}
public Set<QName> getMutableProperties()
{
return mutableProperties;
}
public void setPersonProperties(String userName, Map<QName, Serializable> properties)
{
NodeRef personNode = getPersonOrNull(userName);
if (personNode == null)
{
if (createMissingPeople())
{
personNode = createMissingPerson(userName);
}
else
{
throw new PersonException("No person found for user name " + userName);
}
}
else
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(personNode,
ContentModel.PROP_USERNAME));
properties.put(ContentModel.PROP_USERNAME, realUserName);
}
nodeService.setProperties(personNode, properties);
}
public boolean isMutable()
{
return true;
}
private NodeRef createMissingPerson(String userName)
{
HashMap<QName, Serializable> properties = getDefaultProperties(userName);
return createPerson(properties);
}
private HashMap<QName, Serializable> getDefaultProperties(String userName)
{
HashMap<QName, Serializable> properties = new HashMap<QName, Serializable>();
properties.put(ContentModel.PROP_USERNAME, userName);
properties.put(ContentModel.PROP_FIRSTNAME, userName);
properties.put(ContentModel.PROP_LASTNAME, "");
properties.put(ContentModel.PROP_EMAIL, "");
properties.put(ContentModel.PROP_ORGID, "");
properties.put(ContentModel.PROP_HOME_FOLDER_PROVIDER, defaultHomeFolderProvider);
return properties;
}
public NodeRef createPerson(Map<QName, Serializable> properties)
{
String userName = DefaultTypeConverter.INSTANCE.convert(String.class, properties
.get(ContentModel.PROP_USERNAME));
properties.put(ContentModel.PROP_USERNAME, userName);
return nodeService.createNode(getPeopleContainer(), ContentModel.ASSOC_CHILDREN, ContentModel.TYPE_PERSON,
ContentModel.TYPE_PERSON, properties).getChildRef();
}
public NodeRef getPeopleContainer()
{
NodeRef rootNodeRef = nodeService.getRootNode(storeRef);
List<NodeRef> results = searchService.selectNodes(rootNodeRef, PEOPLE_FOLDER, null, namespacePrefixResolver,
false);
if (results.size() == 0)
{
throw new AlfrescoRuntimeException("Required people system path not found: " + PEOPLE_FOLDER);
}
else
{
return results.get(0);
}
}
public void deletePerson(String userName)
{
NodeRef personNodeRef = getPersonOrNull(userName);
// delete the person
if (personNodeRef != null)
{
nodeService.deleteNode(personNodeRef);
}
// remove user from any containing authorities
Set<String> containerAuthorities = authorityService.getContainingAuthorities(null, userName, true);
for (String containerAuthority : containerAuthorities)
{
authorityService.removeAuthority(containerAuthority, userName);
}
// remove any user permissions
permissionServiceSPI.deletePermissions(userName);
}
public Set<NodeRef> getAllPeople()
{
SearchParameters sp = new SearchParameters();
sp.setLanguage(SearchService.LANGUAGE_LUCENE);
sp.setQuery("TYPE:\"" + ContentModel.TYPE_PERSON + "\"");
sp.addStore(storeRef);
sp.excludeDataInTheCurrentTransaction(false);
LinkedHashSet<NodeRef> nodes = new LinkedHashSet<NodeRef>();
ResultSet rs = null;
try
{
rs = searchService.query(sp);
for (ResultSetRow row : rs)
{
NodeRef nodeRef = row.getNodeRef();
if (nodeService.exists(nodeRef))
{
nodes.add(nodeRef);
}
}
}
finally
{
if (rs != null)
{
rs.close();
}
}
return nodes;
}
public void setCreateMissingPeople(boolean createMissingPeople)
{
this.createMissingPeople = createMissingPeople;
}
public void setNamespacePrefixResolver(NamespacePrefixResolver namespacePrefixResolver)
{
this.namespacePrefixResolver = namespacePrefixResolver;
}
public void setAuthorityService(AuthorityService authorityService)
{
this.authorityService = authorityService;
}
public void setPermissionServiceSPI(PermissionServiceSPI permissionServiceSPI)
{
this.permissionServiceSPI = permissionServiceSPI;
}
public void setNodeService(NodeService nodeService)
{
this.nodeService = nodeService;
}
public void setSearchService(SearchService searchService)
{
this.searchService = searchService;
}
public void setStoreUrl(String storeUrl)
{
this.storeRef = new StoreRef(storeUrl);
}
public String getUserIdentifier(String caseSensitiveUserName)
{
NodeRef nodeRef = getPersonOrNull(caseSensitiveUserName);
if ((nodeRef != null) && nodeService.exists(nodeRef))
{
String realUserName = DefaultTypeConverter.INSTANCE.convert(String.class, nodeService.getProperty(nodeRef,
ContentModel.PROP_USERNAME));
return realUserName;
}
return null;
}
// IOC Setters
}


@@ -0,0 +1,105 @@
/*
* Copyright (C) 2005 Alfresco, Inc.
*
* Licensed under the Mozilla Public License version 1.1
* with a permitted attribution clause. You may obtain a
* copy of the License at
*
* http://www.alfresco.org/legal/license.txt
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
* either express or implied. See the License for the specific
* language governing permissions and limitations under the
* License.
*/
package org.alfresco.repo.security.person;
import org.alfresco.model.ContentModel;
import org.alfresco.service.cmr.model.FileInfo;
import org.alfresco.service.cmr.model.FileNotFoundException;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.datatype.DefaultTypeConverter;
/**
* Create home spaces based on the UID of the user.
*
* If a suitable space is found it is reused, if not it will be made.
*
* @author Andy Hind
*/
public class UIDBasedHomeFolderProvider extends ExistingPathBasedHomeFolderProvider
{
private String templatePath;
private NodeRef templateNodeRef;
public UIDBasedHomeFolderProvider()
{
super();
}
public void setTemplatePath(String templatePath)
{
this.templatePath = templatePath;
}
protected HomeSpaceNodeRef getHomeFolder(NodeRef person)
{
NodeRef existingHomeFolder = DefaultTypeConverter.INSTANCE.convert(NodeRef.class, getServiceRegistry()
.getNodeService().getProperty(person, ContentModel.PROP_HOMEFOLDER));
if (existingHomeFolder == null)
{
String uid = DefaultTypeConverter.INSTANCE.convert(String.class, getServiceRegistry().getNodeService()
.getProperty(person, ContentModel.PROP_USERNAME));
FileInfo fileInfo;
// Test if it already exists
NodeRef exising = getServiceRegistry().getFileFolderService().searchSimple(getPathNodeRef(), uid);
if (exising != null)
{
fileInfo = getServiceRegistry().getFileFolderService().getFileInfo(exising);
}
else
{
if (templatePath == null)
{
fileInfo = getServiceRegistry().getFileFolderService().create(getPathNodeRef(), uid,
ContentModel.TYPE_FOLDER);
}
else
{
try
{
fileInfo = getServiceRegistry().getFileFolderService().copy(getTemplateNodeRef(),
getPathNodeRef(), uid);
}
catch (FileNotFoundException e)
{
throw new PersonException("Invalid template to create home space");
}
}
}
NodeRef homeFolderNodeRef = fileInfo.getNodeRef();
return new HomeSpaceNodeRef(homeFolderNodeRef, HomeSpaceNodeRef.Status.CREATED);
}
else
{
return new HomeSpaceNodeRef(existingHomeFolder, HomeSpaceNodeRef.Status.VALID);
}
}
protected synchronized NodeRef getTemplateNodeRef()
{
if (templateNodeRef == null)
{
templateNodeRef = resolvePath(templatePath);
}
return templateNodeRef;
}
}
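Review bot: In `getHomeFolder`, when `searchSimple(getPathNodeRef(), uid)` finds a child already named after the user, that node is adopted as the home space without any check of its type, owner or existing permissions, and it is still returned with `HomeSpaceNodeRef.Status.CREATED`. A folder that someone else placed under the configured path beforehand would be handed to the user with whatever content and access rights it already carries. Whether the caller resets ownership and permissions for a `CREATED` result is not visible in this file, so that should be confirmed. I would verify that the existing node is a folder before reusing it, report reuse separately from creation, and at minimum mark the branch with `// Reusing a pre-existing child named after the user: type, owner and permissions are not verified here`. The `catch (FileNotFoundException e)` block also discards `e`; pass it as the cause if `PersonException` has a constructor that accepts one, so a failed template copy can be diagnosed.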